update: establishing the receiver role clearly

main
_ 2021-01-17 18:00:45 -06:00
parent fb1e133ca1
commit bc625095c7
8 changed files with 189 additions and 112 deletions

View File

@ -5,15 +5,24 @@ CXX_FLAGS=$(FLAGS) -c
L_FLAGS=$(FLAGS) L_FLAGS=$(FLAGS)
LIBS=-lsodium LIBS=-lsodium
bmc_test: bmc_test.o base64.o string_helpers.o time_helpers.o bmc_test: bmc_test.o base64.o expiring_signature.o receiver.o sodium_helpers.o string_helpers.o time_helpers.o
$(CXX) -o $@ $^ $(L_FLAGS) $(LIBS) $(CXX) -o $@ $^ $(L_FLAGS) $(LIBS)
bmc_test.o: bmc_test.cpp string_helpers.h time_helpers.h bmc_test.o: bmc_test.cpp expiring_signature.h receiver.h sodium_helpers.h string_helpers.h time_helpers.h
$(CXX) -o $@ $(CXX_FLAGS) $< $(CXX) -o $@ $(CXX_FLAGS) $<
base64.o: cpp-base64/base64.cpp cpp-base64/base64.h base64.o: cpp-base64/base64.cpp cpp-base64/base64.h
$(CXX) -o $@ $(CXX_FLAGS) $< $(CXX) -o $@ $(CXX_FLAGS) $<
expiring_signature.o: expiring_signature.cpp expiring_signature.h
$(CXX) -o $@ $(CXX_FLAGS) $<
receiver.o: receiver.cpp receiver.h expiring_signature.h sodium_helpers.h string_helpers.h time_helpers.h
$(CXX) -o $@ $(CXX_FLAGS) $<
sodium_helpers.o: sodium_helpers.cpp sodium_helpers.h
$(CXX) -o $@ $(CXX_FLAGS) $<
string_helpers.o: string_helpers.cpp string_helpers.h cpp-base64/base64.h string_helpers.o: string_helpers.cpp string_helpers.h cpp-base64/base64.h
$(CXX) -o $@ $(CXX_FLAGS) $< $(CXX) -o $@ $(CXX_FLAGS) $<
@ -21,5 +30,5 @@ time_helpers.o: time_helpers.cpp time_helpers.h
$(CXX) -o $@ $(CXX_FLAGS) $< $(CXX) -o $@ $(CXX_FLAGS) $<
clean: clean:
rm -f bmc_test bmc_test.o base64.o string_helpers.o rm -f bmc_test bmc_test.o base64.o expiring_signature.o receiver.o sodium_helpers.o string_helpers.o time_helpers.o

View File

@ -7,9 +7,12 @@
#include <sodium.h> #include <sodium.h>
#include "cpp-base64/base64.h" // #include "cpp-base64/base64.h"
#include "json.hpp" #include "json.hpp"
#include "expiring_signature.h"
#include "receiver.h"
#include "sodium_helpers.h"
#include "string_helpers.h" #include "string_helpers.h"
#include "time_helpers.h" #include "time_helpers.h"
@ -18,113 +21,6 @@ using nlohmann::json;
using namespace BareMinimumCrypto; using namespace BareMinimumCrypto;
struct ExpiringSignature {
string cert_s;
vector <uint8_t> sig;
// C++ nonsense
bool operator == (const ExpiringSignature & o) const {
return
cert_s == o.cert_s &&
sig == o.sig
;
}
bool operator != (const ExpiringSignature & o) const {
return ! (*this == o);
}
};
void try_sodium_init () {
if (sodium_init () < 0) {
throw std::runtime_error ("Can't initialize libsodium");
}
}
bool is_pubkey_length (const vector <uint8_t> & v) {
return v.size () == crypto_sign_PUBLICKEYBYTES;
}
optional <vector <uint8_t>> try_verify_signed_data (
const ExpiringSignature & sig,
const vector <uint8_t> & pubkey,
Instant now
) {
try_sodium_init ();
if (! is_pubkey_length (pubkey)) {
return nullopt;
}
if (crypto_sign_verify_detached (
sig.sig.data (),
(const uint8_t *)sig.cert_s.data (),
sig.cert_s.size (),
pubkey.data ()
) != 0) {
return nullopt;
}
const json j = json::parse (sig.cert_s);
const TimeRange tr {
j ["not_before"],
j ["not_after"]
};
if (! tr.contains (now)) {
return nullopt;
}
const string payload_b64 = j ["payload_b64"];
const auto payload = std::move (*BareMinimumCrypto::base64_decode (payload_b64));
return payload;
}
optional <vector <uint8_t>> verify_signed_data (
const ExpiringSignature & sig,
const vector <uint8_t> & pubkey,
Instant now
) {
try {
return try_verify_signed_data (sig, pubkey, now);
}
catch (json::exception &) {
return nullopt;
}
}
optional <vector <uint8_t>> verify_cert_and_data (
const ExpiringSignature & signed_cert,
const ExpiringSignature & signed_data,
const vector <uint8_t> & root_pubkey,
Instant now
) {
auto subkey_opt = verify_signed_data (signed_cert, root_pubkey, now);
if (! subkey_opt) {
return nullopt;
}
const auto subkey = std::move (*subkey_opt);
return verify_signed_data (signed_data, subkey, now);
}
optional <vector <uint8_t>> verify_cert_and_data (
const ExpiringSignature & signed_cert,
const ExpiringSignature & signed_data,
const vector <uint8_t> & root_pubkey
) {
return verify_cert_and_data (signed_cert, signed_data, root_pubkey, Instant::now ());
}
optional <vector <uint8_t>> verify_signed_data (
const ExpiringSignature & sig,
const vector <uint8_t> & pubkey
) {
return verify_signed_data (sig, pubkey, Instant::now ());
}
class SigningKey { class SigningKey {
vector <uint8_t> pk; vector <uint8_t> pk;
vector <uint8_t> sk; vector <uint8_t> sk;
@ -243,7 +139,7 @@ int happy_path () {
// even though the receiver has never seen the sub-key. // even though the receiver has never seen the sub-key.
const auto root_pubkey = root_key.pubkey (); const auto root_pubkey = root_key.pubkey ();
auto verified_opt = verify_cert_and_data (cert, signed_data, root_pubkey); auto verified_opt = Receiver::verify_cert_and_data (cert, signed_data, root_pubkey);
if (! verified_opt) { if (! verified_opt) {
cerr << "Receiver couldn't verify cert and data" << endl; cerr << "Receiver couldn't verify cert and data" << endl;
return 1; return 1;

View File

@ -0,0 +1,15 @@
#include "expiring_signature.h"
namespace BareMinimumCrypto {
// C++ nonsense
bool ExpiringSignature::operator == (const ExpiringSignature & o) const {
return
cert_s == o.cert_s &&
sig == o.sig
;
}
bool ExpiringSignature::operator != (const ExpiringSignature & o) const {
return ! (*this == o);
}
}

View File

@ -0,0 +1,17 @@
#pragma once
#include <stdint.h>
#include <string>
#include <vector>
namespace BareMinimumCrypto {
using namespace std;
struct ExpiringSignature {
string cert_s;
vector <uint8_t> sig;
bool operator == (const ExpiringSignature & o) const;
bool operator != (const ExpiringSignature & o) const;
};
}

View File

@ -0,0 +1,91 @@
#include "receiver.h"
#include <sodium.h>
#include "json.hpp"
#include "expiring_signature.h"
#include "sodium_helpers.h"
#include "string_helpers.h"
#include "time_helpers.h"
namespace BareMinimumCrypto::Receiver {
using nlohmann::json;
bool is_pubkey_length (const vector <uint8_t> & v) {
return v.size () == crypto_sign_PUBLICKEYBYTES;
}
optional <vector <uint8_t>> try_verify_signed_data (
const ExpiringSignature & sig,
const vector <uint8_t> & pubkey,
Instant now
) {
try_sodium_init ();
if (! is_pubkey_length (pubkey)) {
return nullopt;
}
if (crypto_sign_verify_detached (
sig.sig.data (),
(const uint8_t *)sig.cert_s.data (),
sig.cert_s.size (),
pubkey.data ()
) != 0) {
return nullopt;
}
const json j = json::parse (sig.cert_s);
const TimeRange tr {
j ["not_before"],
j ["not_after"]
};
if (! tr.contains (now)) {
return nullopt;
}
const string payload_b64 = j ["payload_b64"];
const auto payload = std::move (*BareMinimumCrypto::base64_decode (payload_b64));
return payload;
}
optional <vector <uint8_t>> verify_signed_data (
const ExpiringSignature & sig,
const vector <uint8_t> & pubkey,
Instant now
) {
try {
return try_verify_signed_data (sig, pubkey, now);
}
catch (json::exception &) {
return nullopt;
}
}
optional <vector <uint8_t>> verify_cert_and_data (
const ExpiringSignature & signed_cert,
const ExpiringSignature & signed_data,
const vector <uint8_t> & root_pubkey,
Instant now
) {
auto subkey_opt = verify_signed_data (signed_cert, root_pubkey, now);
if (! subkey_opt) {
return nullopt;
}
const auto subkey = std::move (*subkey_opt);
return verify_signed_data (signed_data, subkey, now);
}
optional <vector <uint8_t>> verify_cert_and_data (
const ExpiringSignature & signed_cert,
const ExpiringSignature & signed_data,
const vector <uint8_t> & root_pubkey
) {
return verify_cert_and_data (signed_cert, signed_data, root_pubkey, Instant::now ());
}
}

View File

@ -0,0 +1,31 @@
#pragma once
#include <optional>
#include <stdint.h>
#include <vector>
namespace BareMinimumCrypto {
struct ExpiringSignature;
}
// Structs and functions for the receiver role.
/*
The receiver needs to keep at least one root pubkey saved to
non-volatile memory. Since root keys are long-lived, you can
just compile them into the receiver app, too.
All the receiver does is receive combined cert-and-data messages,
and attempt to verify them. The subkeys used to directly sign the
data don't need to be saved, but should be logged.
*/
namespace BareMinimumCrypto::Receiver {
using namespace std;
optional <vector <uint8_t>> verify_cert_and_data (
const ExpiringSignature & signed_cert,
const ExpiringSignature & signed_data,
const vector <uint8_t> & root_pubkey
);
}

View File

@ -0,0 +1,13 @@
#include "sodium_helpers.h"
#include <stdexcept>
#include <sodium.h>
namespace BareMinimumCrypto {
void try_sodium_init () {
if (sodium_init () < 0) {
throw std::runtime_error ("Can't initialize libsodium");
}
}
}

View File

@ -0,0 +1,5 @@
#pragma once
namespace BareMinimumCrypto {
void try_sodium_init ();
}